package com.lin.cms.service;

import java.util.Date;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.lin.cms.common.security.BadCredentialsException;
import com.lin.cms.common.security.UsernameNotFoundException;
import com.lin.cms.common.web.session.SessionProvider;
import com.lin.cms.domain.Authentication;


public interface AuthenticationService {
	
	/**
	 * 认证信息session key
	 */
	public static final String AUTH_KEY = "auth_key";
	
	public Integer retrieveUserIdFromSession(SessionProvider session,HttpServletRequest request);
	
	public int deleteExpire(Date d);
	
	/**
	 * 通过认证ID，获得认证信息。本方法会检查认证是否过期。
	 * 
	 * @param authId
	 *            认证ID
	 * @return 返回Authentication对象。如果authId不存在或已经过期，则返回null。
	 */
	public Authentication retrieve(String authId);
	
	/**
	 * 登录
	 * 
	 * @param username
	 *            用户名
	 * @param password
	 *            密码
	 * @param ip
	 *            登录IP
	 * @return 认证信息
	 * @throws UsernameNotFoundException
	 *             用户名没有找到
	 * @throws BadCredentialsException
	 *             错误的认证信息，比如密码错误
	 */
	public Authentication login(String username, String password, String ip,
			HttpServletRequest request, HttpServletResponse response,
			SessionProvider session) throws UsernameNotFoundException,
			BadCredentialsException;
	
	int deleteByPrimaryKey(String authenticationId);
}
